In 2025, organizations worldwide faced a broad range of risks, including natural disasters, climate change impacts, trade policy turmoil, reputation risk, cybersecurity threats, and legal and regulatory concerns. Our annual review looks back on some of the year’s most notable risk events, highlighting top challenges risk professionals had to address in 2025 and events that will shape the risk landscape moving into 2026.
Los Angeles Wildfires Devastate Southern California
January 7
A series of wildfires burned 57,000 acres of the Los Angeles metropolitan area, killing more than 30 people, forcing 200,000 to evacuate, and destroying more than 18,000 homes and businesses, including the houses of many celebrities. The fires were more severe due to acute drought conditions in Southern California and strong Santa Ana winds that reached hurricane force in some areas. Most of the damage came from the two largest fires, the Palisades and Eaton fires, which took three weeks to fully contain. Cumulative insured losses from the wildfires reached $40 billion and economic damages were estimated to be as high as $250 billion, making it not only the costliest wildfire, but one of the costliest natural disasters of any type in U.S. history. In August, researchers from Boston University and the University of Helsinki found that the fires may have ultimately caused an estimated 440 total fatalities when including indirect deaths from smoke and air pollution and disruptions to critical healthcare and other public services.
67 Killed After American Airlines Plane Collides with Army Helicopter
January 29
Moments from landing at Reagan International Airport outside of Washington, D.C., an American Airlines flight and a U.S. Army helicopter collided in midair, killing all 67 people aboard the two aircraft. The tragic accident was the deadliest air disaster in the United States since September 11, 2001. President Trump publicly blamed the Biden administration and “woke” policies for the incident, citing DEI hiring initiatives that have long been in place, but provided no evidence of any lack of qualifications or wrongdoing on the part of pilots or air traffic controllers. Indeed, the Trump administration implemented cuts and hiring freezes in the Federal Aviation Administration, despite federal officials warning for years about an overtaxed and understaffed air traffic control system that could lead to disaster. Air traffic controllers continued to grapple with understaffing and systemic problems throughout the year. During the government shutdown in the fall, air traffic controllers were required to continue working, despite not being paid for weeks and being told they might not receive back pay when the government reopened. The Trump administration also ordered significant reductions in air traffic in 40 major markets, causing days of chaos, delays and cancellations for commercial, private and cargo flights.
Target Takes $12.4 Billion Hit After Walking Back DEI Commitments
February 28
The Trump administration has been vocal about targeting and suspending or rolling back DEI programs across the federal government, and many companies have followed suit. While some customers favor these moves, there has also been major consumer backlash against companies that are walking back their commitments. After making headlines for DEI commitments amid the Black Lives Matter movement, Target abandoned several DEI-related programs in January, including ending its “Belonging at the Bullseye” initiative to cultivate career development among employees of color, withdrawing from the Human Rights Campaign’s Corporate Equality Index on LGBTQ+ inclusion, and “evolving” a program to promote supplier diversity in its procurement processes. Many consumers felt betrayed by the move, which drew negative press and prompted a boycott that appears to have had a notable impact. Target’s stock plummeted by over $27 per share by the end of February, losing more than $12.4 billion in market value.
Tornado Outbreak Causes Record $11 Billion in Damages
March 13
A widespread tornado outbreak struck the Midwestern and Eastern United States, killing 43 people and causing $11 billion in damages over a four-day period. In terms of total damages, it was the costliest outbreak on record. Severe convective storm (SCS) activity including tornadoes reached an all-time high in 2025. As of December 10, the NOAA Storm Prediction Center had recorded 1,543 tornadoes in the United States this year, a 13% increase over the 15-year average of 1,368 during the same period. In the first nine months of the year, Gallagher reported economic losses from severe convective storms reached $61 billion, of which $42 billion was insured, making it the fourth-costliest SCS loss year for insurers. During that period, the United States saw 17 different billion-dollar SCS loss events, including an April outbreak of 157 confirmed tornadoes and flash flooding that caused $4.1 billion in damages as well as a May tornado outbreak that caused $5.9 billion in damages.
Myanmar Earthquake Kills 5,300, Causes Widespread Destruction 2
March 28
In one of the year’s deadliest natural disasters, a magnitude 7.9 earthquake struck near the city of Mandalay in Myanmar, killing more than 5,300 people and injuring 11,000. Another 100 people were also killed in neighboring Thailand when the quake caused the collapse of a skyscraper that was under construction in Bangkok. In Myanmar, more than 48,000 homes and thousands of government buildings, schools, mosques, monasteries, bridges and other infrastructure were destroyed. While the quake caused an estimated $12 billion in economic damages in the country, Aon reported that less than $100 million was insured due to low insurance penetration rates. According to the World Economic Forum, the disaster exposed systemic risk factors in the impoverished country, including unsafe housing and under-enforced building codes, insufficient disaster planning, underfunded health systems, and a lack of social or fiscal safety nets.
President Trump Announces Sweeping Tariffs at “Liberation Day” Press Conference
April 2
On what he dubbed “Liberation Day,” President Donald Trump signed an executive order imposing a baseline 10% tariff on imports from almost all U.S. trading partners around the world and higher reciprocal tariff rates of up to 50% on countries that were deemed to have the highest trade deficits with the United States. In response, global stock markets crashed and countries threatened steep retaliatory tariffs of their own. Days later, the Trump administration announced a 90-day pause of all country-specific tariffs, except for those imposed on China, and expressed a desire to negotiate separate trade deals with each country. The dramatic seesawing around tariffs and uncertain trade policy continued throughout the year as President Trump threatened or imposed new levies on goods from various countries, including close trading partners, only to change position or amend terms later. While the administration has said that the tariffs have raised trillions of dollars in revenue, they have created major challenges for the broader economy and specific businesses, which have had to adjust their operations and determine how much of the cost to pass on to customers. Indeed, by October, according to Goldman Sachs, U.S. consumers were bearing as much as 55% of the costs of the tariffs as prices for goods and services continued to climb. Costco and other businesses have sued the federal government seeking refunds on the duties collected, claiming the tariffs were levied illegally. The Supreme Court is currently weighing whether the president has the authority to unilaterally set tariff rates as the Constitution specifically grants Congress the power to assign and collect duties and regulate foreign commerce. The Trump administration has tried to seize this power on the grounds that it considers the trade imbalance a “national emergency.”
Ransomware Attack Wreaks Havoc on British Retailer Marks & Spencer
April 19
Iconic British retailer Marks & Spencer (M&S) was hit by a major ransomware attack that caused acute operational disruption from April into July. The attack forced the company to suspend online transactions, which typically account for £3.8 million ($5.1 million) in sales a day, and for in-store customers, store staff had to resort to pen and paper for billions of dollars’ worth of food and clothing orders after shutting down automated stock systems. This also led to bare shelves and considerable reputation impact from frustrated customers, in addition to higher waste and logistics costs. Within a month, M&S lost £1 billion ($1.3 billion) of its stock market value, and the firm estimated the attack would cost about £300 million ($401 million), of which it hoped to recoup about £100 million ($134 million) from insurance. The attack is thought to have been carried out by the hacking group Scattered Spider, which used social engineering tactics to target a third-party vendor and ultimately gain access to M&S systems. Hackers also attacked British retailers Co-op and Harrods in 2025, prompting many retailers around the world to race to boost cyber defenses.
Canadian Provinces Declare States of Emergency over Wildfires
May 28
On May 28 and 29, the Canadian provinces of Manitoba and Saskatchewan declared month-long states of emergency due to a number of concurrent wildfires deemed out of control. The fires were exacerbated by a local heatwave that broke 125-year records in Winnipeg. Some of this year’s fires started as holdover fires from the record-breaking 2023 wildfire season. Also known as “zombie” or “overwintering” fires, holdover fires are peat fires that continue from year to year, smoldering under the snow during the winter and then growing more intense when the weather warms. Scientists believe zombie fires may become more common due to the impacts of climate change as they more frequently occur after hotter summers, which lead to drier subterranean vegetation and soil—the fuel these fires consume when hibernating underground. Ultimately, 2025 was the second-worst wildfire season in Canadian history, with the Canadian government reporting over 6,000 wildfires in almost every province and territory, burning a total of over 8.3 million hectares (20.5 million acres). From April through October, the risk and impacts of wildfires forced the evacuation of more than 85,000 people, including over 45,000 people from 73 First Nations communities. Smoke from the fires caused hazardous air quality across both Canada and parts of the United States and even polluted the air as far away as Europe.
Courts Rule in Favor of Tech Companies in AI Copyright Cases
June 24
A U.S. district court judge ruled that Anthropic did not violate authors’ copyrights when it used their books to train its AI tool Claude, categorizing the training process as “fair use,” a legal doctrine that permits repurposing copyrighted work if it is substantially changed. Later that week, another judge ruled in favor of Meta in a suit brought by a group of authors that unsuccessfully argued that Facebook’s parent company had violated their copyrights when training its AI system. However, the judge in the Meta case provided hope for authors and creative professionals in future AI suits. In “many circumstances,” the judge said the use of copyrighted material in AI training would be considered illegal and that companies “will generally need to pay copyright holders for the right to use their materials.” Indeed, in September, Anthropic agreed to pay a $1.5 billion settlement to the group of authors in the original class action suit for using their pirated books to create a central library for AI training. Currently, there are more than 40 pending cases that have been filed by copyright holders against AI companies in the United States, alleging infringement of content ranging from books and newspaper articles to images and music.
Italian Court Sentences Executives to 141 Years in Prison for PFAS Pollution
June 26
A group of 11 former executives of the Italian chemical company Miteni were sentenced to a total of 141 years in jail after they were found guilty of polluting the groundwater and soil of a 70-square-mile area in Northern Italy’s Veneto region with per- and polyfluoroalkyl substances (PFAS). The chemicals contaminated the drinking water of 350,000 people in 21 towns and, according to a 2024 study in the journal Environmental Health, contributed to an estimated 4,000 excess deaths in the region from various forms of cancer and cardiovascular disease. The court also imposed over €75 million ($88 million) in civil penalties to compensate affected individuals and public entities and to pay for future cleanup and remediation efforts. A host of regulations banning or restricting the use of PFAS, often called “forever chemicals,” were implemented or proposed around the world in 2025, including in Canada, the European Union, Australia, New Zealand and Japan. Many U.S. states also implemented PFAS bans or restrictions. At the federal level, rules governing PFAS reporting and contaminant levels in drinking water have been enacted in recent years, however, some of these requirements were eased or delayed by the EPA in 2025 to reduce the financial burden on businesses.
135 People Killed in Texas Floods
July 4
At least 135 people were killed by flash flooding in central Texas after the equivalent of four months’ worth of heavy rain caused the Guadalupe River to rise 26 feet in just 45 minutes. Fatalities were primarily concentrated in Kerr County, where the 117 killed included campers and counselors at the Camp Mystic summer camp. Several factors contributed to the severity of the flooding, including the effects of climate change, the ineffectiveness of weather forecasts and evacuation alerts, and delays in disaster response efforts.
Jellyfish Swarm Shuts Down French Nuclear Power Plant
August 11
One of France’s largest nuclear power plants was forced to partially shut down when a massive swarm of jellyfish clogged the intake pipes that feed the plant’s cooling system. The blockage at Gravelines Nuclear Power Station triggered safety systems to automatically shut off four of the six reactors at the site, but according to the plant’s operator, there was “no impact on the safety of the facilities, the safety of personnel or the environment.” In early September, another swarm of jellyfish entered the pumping station filters at another French nuclear plant, forcing a shutdown that temporarily cut the facility’s electricity generation in half. Over the past two decades, jellyfish have disrupted power plant operations in similar incidents in Scotland, Sweden, Israel, China, Japan and the United States. Marine experts believe these swarms are exacerbated by climate change and warmer ocean surface temperatures, which lead to larger and more active jellyfish populations.
EU Fines Google $3.5 Billion for Antitrust Violations
September 4
The European Commission fined Google €2.95 billion ($3.5 billion) for violating antitrust laws by favoring its own online display advertising technology services to the detriment of rival service providers. It was the EU’s second-largest antitrust fine after a €4.3 billion penalty against Google in 2018. As required by the commission, Google has proposed several changes to its ad tech business in the EU to eliminate conflicts of interest. The penalty was part of a larger EU crackdown on tech sector business practices. In April, the European Commission fined Apple €500 million ($587 million) and Meta €200 million ($235 million) for violations of the Digital Markets Act, which establishes data transparency and interoperability requirements for large tech companies to ensure fair competition in digital markets. In December, Elon Musk’s X was issued the first-ever penalty under the consumer-focused Digital Services Act. The company formerly known as Twitter was fined €120 million ($141 million) for the deceptive use of its “blue checkmark” to identify verified users, the lack of transparency of its advertising repository and the failure to provide access to public data for researchers.
ICE Raids Georgia Hyundai Plant 8
September 4
Agents from U.S. Immigration and Customs Enforcement (ICE) conducted a raid at a Hyundai Motor Group plant in Ellabell, Georgia, arresting 475 workers in what the U.S. Department of Homeland Security (DHS) described as the largest single-site immigration enforcement operation in the agency’s history. More than 300 South Korean nationals were detained, straining diplomatic relations between South Korea and the United States and raising questions around the willingness of foreign businesses to invest in the United States in the future. The raid was part of the Trump Administration’s aggressive campaign of immigration enforcement, which began in January with ICE agents across the country detaining suspected undocumented immigrants in workplaces, schools, hospitals, courthouses, parking lots and other public spaces. By September, DHS said that two million immigrants had been deported or had left the country on their own. The administration’s policy has sparked protests because of the violent tactics of immigration agents, the legality of deportation operations, and the lack of due process afforded to detainees, some of whom were actually documented or U.S. citizens. Business owners have also expressed concerns about the risk to their operations due to a shrinking labor force and growing fear among many workers. Experts from the nonpartisan Peterson Institute for International Economics warned that, by 2028, mass deportations could reduce GDP by as much as 7.4% and raise prices for consumers by 9.1%.
Trump Administration Claims Link Between Tylenol and Autism
September 22
Despite a lack of scientific evidence to back up his claims, President Trump asserted that use of the pain reliever Tylenol during pregnancy was associated with an increased risk of autism. “Taking Tylenol is not good. I’ll say it—it’s not good,” Trump stated in a press conference. The president further indicated that the FDA would be notifying physicians to stop recommending acetaminophen (the generic name for Tylenol) during pregnancy and would look into changing warning labels on the medication. The president’s unprecedented move of tellling people not to use an American company’s products had negative impacts on both the company and consumers. Tylenol maker Kenvue along with a host of medical organizations and experts refuted the administration’s claims, citing decades of studies and data supporting the safety of acetaminophen. The medication is used by more than half of pregnant women worldwide to ease pain. The reputation fallout for Kenvue was swift as the company’s stock dropped 7.5% immediately after the announcement, reducing the company’s market value by $2.6 billion. The state of Texas also sued Kenvue and its former parent company, Johnson & Johnson, for deceptively marketing Tylenol to pregnant women despite the alleged links to autism and other disorders. In October, U.S. Secretary of Health and Human Services Robert F. Kennedy, Jr., slightly walked back some of the claims, saying that the evidence did not prove definitively that Tylenol caused autism but that it is “very suggestive.”
Record U.S. Federal Government Shutdown Causes Widespread Disruptions
October 1
The federal government shut down after Congress failed to pass required appropriations bills or a temporary funding measure, causing significant disruptions to the economy, millions of households, and business and government operations across the country. Democrats wanted the necessary appropriations or funding bill to include extensions of health care subsidies to control health insurance costs for low- and middle-income Americans. Republicans refused to pass a measure that included such provisions and would not negotiate any such subsidies until the government was funded, leaving the parties at an impasse. From a macroeconomic perspective, the shutdown could have significant long-term impact. Analysts from EY estimated the shutdown could shave 1% to 1.5% off the nation’s GDP, and the Congressional Budget Office estimated the shutdown could cost the economy between $7 billion and $14 billion in lost output that will not be fully recovered, even with the government reopening. The shutdown also had a serious human toll, forcing one million federal workers to go weeks without pay, leaving many people without jobs, suspending key social services and threatening federal benefits such as SNAP (food stamps). For businesses, the shutdown created major operational challenges like freezing work done via federal contract, delaying payments, and slowing processes that require approvals or government processing, such as permits or data releases. Travel, transportation and tourism also saw significant interruptions, longer wait times, service reductions, and decreases in demand due to uncertainty. The shutdown finally ended on November 12 after a record 43 days, though the current funding agreement will only last through January 2026. The agreement to fund the government did not address ACA subsidies, which could lead to health insurance increases of up to 26%, potentially bringing costs to levels that would make coverage unaffordable for millions of Americans.
NFIP Lapses, Freezing New Policies and Threatening Home Sales
October 1
As part of the government shutdown, the National Flood Insurance Program was allowed to lapse. Existing policies stayed in effect, but new policies were not issued and renewals were not processed. This had notable implications for real estate, developers and homebuyers as having a flood insurance policy is required for federally-backed mortgages in high-risk areas. With policies not processed during the shutdown, this caused thousands of real estate transactions to be delayed or put at risk of cancellation. Lenders were advised that they could continue making loans, but would be responsible for flood determinations and risk management. The NFIP was extended when the government reopened, but true to form with this often-debated program, Congress only passed a short-term extension for the program rather than long-term reauthorization. The current extension will expire on January 30, 2026.
French Crown Jewels Stolen from the Louvre in Brazen Daytime Heist
October 19
In the span of seven minutes on an otherwise ordinary Sunday morning, four thieves pulled off what some have called “the heist of the century,” stealing priceless pieces of the French crown jewels that date back to the Napoleonic era. As the museum was opening, thieves dressed as construction workers drove up to the building in a truck outfitted with an extendable ladder. They climbed the ladder to reach a second-floor balcony, then used an angle grinder to cut through a window into the gallery housing the jewels, broke into display cases and took nine pieces of gem-encrusted jewelry. They then used the ladder to escape, attempted to set fire to their truck, and rode off on motorbikes. Many were captivated by the case and its sensational details, which seemed more like the plot of a heist movie than a news event. As French investigators raced to find the thieves before they could melt down the pieces and sell the jewels, the public also pored over details of the case and major security lapses at one of the world’s most famous museums like the lack of security cameras in the gallery or the surveillance system with the obvious password “Louvre.” Two suspects were arrested on October 26 as they were about to leave the country and authorities are still hunting for the other two thieves.
Thousands of Companies’ Operations Halted by Amazon Web Services Outage
October 20
A bug in its automation software caused outages for clients of Amazon’s AWS web services, causing service interruptions that impacted a wide range of downstream platforms, including Atlassian, Signal, Snapchat, Fortnite, Roblox, Coinbase, Venmo and Ring. Cyberrisk analytics firm CyberCube reported that the incident directly affected 70,000 organizations globally and estimated cyber insurance losses of $38 million to $581 million from the outage. Mehdi Daoudi, CEO of internet performance monitoring firm Catchpoint, estimated the total financial impact of the disruption would be in the billions of dollars. The incident was particularly notable given the sheer ubiquity of AWS as a critical component of companies’ operations. With approximately 30% market share, Amazon is the biggest cloud services provider. “This AWS outage underscores systemic cloud services provider concentration risk,” CyberCube noted in a blog post. The losses will primarily be felt by companies, with the insurance industry fairly insulated from aggregation risk due to waiting periods before outages are covered. “With disruptions extending 15 to 16 hours and most waiting periods in the 8 to 12-hour range, this outage could represent a moderate cyber (re)insurance event,” CyberCube noted.
Hurricane Melissa Becomes Strongest Atlantic Storm to Ever Make Landfall
October 28
Hurricane Melissa made landfall in Jamaica as a Category 5 storm, killing 54 people and causing widespread damage to more than 215,000 structures as high winds and torrential rain tore roofs and walls from municipal buildings, businesses, schools and homes. The country sustained an estimated $10 billion in damages from the storm. With its 185-mile-per-hour winds, Hurricane Melissa was not only the most powerful storm of the 2025 season, but was tied for both the second-strongest hurricane on record and the strongest to ever make landfall in the Atlantic. Overall, the 2025 Atlantic hurricane season was less active than expected, however, its three Category 5 hurricanes marked the second-highest number of Category 5 storms in a season behind only 2005, which saw four. Collectively, 2025 storms killed 134 people and caused $10.5 billion in damages, almost entirely caused by Hurricane Melissa.
Layoffs Hit “Recession-Like Levels,” On Par with Pandemic and 2008 Financial Crisis
November 6
In October, layoffs surged to levels typically seen in recessions, according to a report from Challenger, Gray & Christmas, a firm that tracks workplace reductions. Employers had announced over 1.1 million layoffs by the end of October, which the report noted was the highest number since the pandemic recession and on par with job cuts during the Great Recession in 2008. Layoffs were slightly lower in November, but still up 24% from job cuts in the same month last year. Year-to-date, the November report found job cuts at a five-year high as employers had announced 1,170,821 job cuts, up 54% from the same period last year and the highest total since the onset of COVID in 2020. According to the firm’s data, the most common factors employers cited for the announced layoffs were: restructuring, artificial intelligence, market and economic conditions, tariffs, and the “DOGE impact” (direct and downstream effects from the Department of Government Efficiency’s federal cuts earlier in the year). The current economic environment and uncertainty about tariffs and other key operational factors appear to be having a significant impact on the labor market that shows little sign of abating in the near future. Through November, U.S. employers announced 497,151 planned hires—35% fewer than the number announced at this point in 2024 and the lowest total since 2010.
159 Killed in Hong Kong Housing Complex Fire
November 26
Eight high-rise residential towers were scorched in a massive fire at an apartment complex in Hong Kong, ultimately killing at least 159 people. The buildings were in the midst of a months-long renovation project, so they were covered in bamboo scaffolding and protective netting intended to prevent debris from falling onto people below. Unfortunately, this safety measure ultimately proved catastrophic. The netting used was not up to fire safety codes, contributing to the fire’s rapid spread from building to building. Initially, samples of the netting taken at ground level appeared to be up to code, but samples taken higher found material that failed safety standards, suggesting to investigators that contractors may have cut corners to increase profits. Authorities also believe employees from a fire service installation contractor may have deactivated some fire alarms during maintenance. Local authorities are investigating claims of corruption and negligence regarding the renovation work and Hong Kong’s anti-corruption body and police have arrested at least 21 people, including engineering consultants, construction company directors and fire service installation workers. Officials have ordered contractors across Hong Kong to review the safety of similar materials at hundreds of other buildings under renovation, requiring them to submit detailed reports along with quality certificates and test results for any protective netting.
Starbucks to Pay Largest Worker Protection Settlement in NYC History
December 1
Officials announced the largest worker protection settlement in New York City history when Starbucks agreed to a $38.9 million settlement over violations of a city law guaranteeing fair working conditions. An investigation by the city’s Department of Consumer and Worker Protection found Starbucks violated the law more than half a million times since 2021 by failing to provide stable schedules for workers. More than 15,000 hourly workers who worked between July 2021 and July 2024 will be eligible receive restitution payments under the agreement, with payouts of approximately $50 per week worked during that period. Under the Fair Workweek Law, which was passed in 2017, fast-food employers must give workers consistent week-to-week schedules, provide schedules 14 days in advance, and cannot reduce hours by more than 15% without “just cause or a legitimate business reason.” Starbucks claimed the law is “notoriously challenging for businesses to navigate” and made a point of noting the violations were about compliance, not withholding wages or failing to pay partners.